A report released this month by the European Network and Information Security Agency (ENISA) has investigated the utility and applicability of cloud services for governments across Europe.
The report, entitled “Security and Resilience in Governmental Clouds” aims to provide a decision making model that can be used by governments and other public bodies, to assess the information security challenges posed by cloud computing and to guide them in the definition of their requirements when planning such a migration.
All in all it is a thorough piece of work and should absolutely be on the recommended reading for anyone; private enterprises included, considering the commercial benefits of cloud.
One conclusion of the report though did seem at best premature, if not a little under researched. The report recommends:
“its [public cloud] adoption should be limited to non-sensitive or non critical applications and in the context of a defined strategy for cloud adoption which should include a clear exit strategy.”
On the face of it this is sensible advice but unfortunately the report does not go on to address the strategies and technologies that exist to mitigate these risks, making public cloud a viable and secure platform for enterprises and public bodies alike.
Some of the risks identified in the report are: improper access to confidential data (either at the service provider or by intrusion), service provider lock-in due to proprietary technologies, lack of audit and monitoring capabilities, concerns over application and OS patching strategies and access to encryption keys among others. Unfortunately the recommendations while sound do not offer any concrete detail on architectural strategies that overcome these issues even though this is already a technical possibility, at least in the Infrastructure as a Service model.
The multi-tenanted nature of public cloud means that organisations need to be able to reduce their effective perimeter to the edge of their virtual machine, effectively segmenting their systems away from other customers. The service provider’s network should be treated as public.
In the IaaS environment the customer retains ownership of and responsibility for the patch levels of their virtual machines, host level firewalling and vulnerability shielding offer the opportunity to neutralise the threat of exploitation of vulnerability, even in the absence of a patch. Log and file integrity monitoring offer a means of audit and control and in the IaaS environment are simple to implement at host level.
The challenge of data security in public clouds has typically been more complex to answer, as encryption services are usually managed by the cloud provider. Organisations need the ability to segment their data away from other customers but also away from the service provider.
Service providers need that too, otherwise they risk inheriting some serious liability. Data should be provisioned to the cloud in an encrypted format, the data owner should retain ownership and control of the keys and only the customer’s own machines should be able to get access to those keys ensuring that the data is only ever in-the-clear inside the secure perimeter of their own virtual machines.
Properly architected data encryption that operates transparently and is engineered for the cloud, encryption that is managed by the customer and not the service provider is a business enabler. It accelerates adoption of cloud services, drives down costs, and allows regulatory and legislative compliance. It means you no longer have to worry about how you’re going to delete the cloud when you decide to change service provider.